TheWindowsClub News

TheWindowsClub Tech News covers the latest Microsoft Windows 10 news, along with other products & services like Office, etc.

Google Chrome now blocks Gamepad access on ‘insecure’ websites

Google Chrome is making changes to how the Gamepad API works. As a result, Chrome now requires a secure context for the Gamepad API to function as desired. TheWindowsClub has come across a new web browser policy behind chrome://flags starting with Chrome 86 Canary for Mac, Windows, Linux, Chrome OS, Android platforms. This way, Chrome wants to restrict ‘insecure’ Gamepad access.

Google Chrome restrict gamepad access

Restrict gamepad access in Google Chrome

The Gamepad API allows web apps to directly act on gamepad data. It also enables access and response to signals from a gamepad and other game controllers.

Meanwhile, Chrome is working with Mozilla and other web browser makers to make this a standard policy to achieve a secure context with Gamepad controllers. Enabling this experimental flag enables feature policy and secure context restrictions on the Gamepad API. Here’s what it means:

Restricting the Gamepad API to secure context means one thing: Chrome will essentially force the Gamepad API to only work with HTTPS websites. In other words, Chrome will render Gamepad controllers useless on non-HTTPS websites. Chrome and other browsers will show a developer console warning if the API is called from a less secure (HTTP) context.

Google Chrome restrict gamepad access

Chrome is also likely to enable Permission Policy integration in the future. As a result, third-party contexts seeking access to the Gamepad API will have to be explicitly granted access by the hosting website in question, courtesy of a Permissions Policy. As a result, disallowed third-party contexts calling the Gamepad API will encounter a JavaScript security error.

How to enable the Restrict gamepad access flag

  1. Open Chrome Canary
  2. Open chrome://flags
  3. Locate Restrict gamepad access
  4. Set the flag to Enable immediately when a tab is hidden using the drop-down menu
  5. Relaunch Chrome

Mozilla is planning to make a secure context for .getGamepads() mandatory by default starting Firefox 81. Aiming to avoid significant code breakage, Mozilla says calling .getGamepads() will return an empty array.

As of now, Firefox developer console shows a warning when .getGamepads() method is called from insecure contexts.

Updated on Tags:

TanmayPatange@TWCN

Tanmay loves writing about Technology, Internet, Apps, Social Media, and Cybersecurity. He also tracks OTT video content streaming space and likes to spend his weekends watching plays. You can contact him on Twitter @techtsp.